Lucene search

K
gentooGentoo FoundationGLSA-201408-08
HistoryAug 26, 2014 - 12:00 a.m.

file: Denial of service

2014-08-2600:00:00
Gentoo Foundation
security.gentoo.org
18

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.004

Percentile

74.8%

Background

file is a utility that guesses a file format by scanning binary data for patterns.

Description

BEGIN regular expression in the awk script detector in magic/Magdir/commands uses multiple wildcards with unlimited repetitions.

Impact

A context-dependent attacker could entice a user to open a specially crafted file, possibly resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All file users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/file-5.15"
OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-apps/file< 5.15UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.004

Percentile

74.8%